package net.sourceforge.stripes.security;

import java.util.Arrays;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

public class SecureTag extends TagSupport
{
    /**
	 * 
	 */
	private static final long serialVersionUID = 1L;
	private String roles;
//    private static Log log = Log.getInstance(SecureTag.class);
    final StripesSecurityManager securityManager = StripesSecurityFilter.getSecurityManager();
    
    public SecureTag()
    {
        super();
        initValues();
    }
    
    public String getRoles()
	{
		return roles;
	}

	public void setRoles(String roles)
	{
		this.roles = roles;
	}

	public int doStartTag() throws JspException
    {
		if (roles == null || roles.length() < 1)
			return SKIP_BODY;
		
		List<String> anyRoles = Arrays.asList(roles.trim().split(","));
		if (securityManager.isUserInRole(anyRoles, ((HttpServletRequest)pageContext.getRequest()), ((HttpServletResponse)pageContext.getResponse())))
			return EVAL_BODY_INCLUDE;

		return SKIP_BODY;		
    }

    private void initValues()
    {
        roles = "";
    }
}
